A former Yahoo executive has said that up to three billion user accounts may have been compromised in 2014's security breach, considerably larger than the 500 million estimated by Yahoo.
The source, alleged to be "a former Yahoo insider familiar with the company's security practises", has revealed because of the way its user information is stored, the breach would have exposed a far greater quantity of account information.
Specifically, they said that all of Yahoo's services – which include Yahoo Mail, Finance, Flickr and Tumblr – share one main user database, which was the target for 2014's so-called "mega-breach".
At that time, the database is estimated to have stored on it the credentials for between 700 million and 1bn active user accounts as well as the details of inactive accounts that hadn't been deleted.
However the former executive, who is allegedly in contact with Yahoo employees investigating the breach, told Business Insider: "I believe it to be bigger than what's being reported. How they came up with 500 (million) is a mystery". They instead claimed it may be anywhere between one and three billion.
All customers notified
It is currently unclear whether the breach was a state-sponsored attack or carried out by criminals, with Yahoo and cybersecurity firms currently at odds over who is to blame.
A Yahoo spokesperson told IBTimes UK that the company had notified all of the users thought to have been affected by the breach, adding: "Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen...We stand by these numbers and note this is an ongoing investigation."